Access control system with wireless communication

ABSTRACT

An environment access control system that includes an operating environment including one or more access controlled locations, each of the location(s) secured with at least one entry point. Also included is a plurality of wireless signal generating devices each emitting a wireless signal to be received by a mobile device located within the operating environment. Further included is a network device determining a position of the mobile device and comparing the position of the mobile device to the at least one entry point to provide a simplified access request option to a user of the mobile device, the network device determining access to the one or more access controlled locations of the operating environment.

BACKGROUND

Building access control systems typically require a user to step into aspecified area and subsequently request entry to a desired destinationarea of the building. The request may be performed offline with anencoded physical element, such as a key card, that indicates accessrights (e.g., credentials) for the user. The key card, or the like, isdetected by a reader and access, such as through a door, may be grantedby unlocking and/or opening the door. An example is a hotel lockingsystem in which a front desk worker encodes a guest card and an offline,battery powered lock on a guest room door decodes the key card and thuspermits or denies access based on the encoded access rights. Some accesscontrol systems are generally operated in an online mode, where readerscommunicate with a centralized server of the access control system via anetwork to determine whether or not to grant access.

The above-described access control systems require a user to haveknowledge of, or remember, a unique entry point name or location,thereby often frustrating an individual during the user experience.

BRIEF SUMMARY

Disclosed is an environment access control system that includes anoperating environment including one or more access controlled locations,each of the location(s) secured with at least one entry point. Alsoincluded is a plurality of wireless signal generating devices eachemitting a wireless signal to be received by a mobile device locatedwithin the operating environment. Further included is a network devicedetermining a position of the mobile device and comparing the positionof the mobile device to the at least one entry point to provide asimplified access request option to a user of the mobile device, thenetwork device determining access to the one or more access controlledlocations of the operating environment.

In addition to one or more of the features described above, or as analternative, further embodiments may include one or more access pointsin operative communication with the network device, the access point(s)connecting the mobile device to the network device, wherein the networkdevice is programmed with a coordinate location of the access point(s)to form a knowledge based system (KB S).

In addition to one or more of the features described above, or as analternative, further embodiments may include that the access controlledlocation(s) is secured with a plurality of entry points, wherein thenetwork device determines which of the plurality of entry points is tobe employed by a user of the mobile device based on a location of themobile device that is known from the KBS and a received signal strengthindication (RSSI) of the mobile device.

In addition to one or more of the features described above, or as analternative, further embodiments may include that the entry pointdetermined is an entry point that is closest in proximity to the mobiledevice.

In addition to one or more of the features described above, or as analternative, further embodiments may include that the plurality ofwireless signal generating devices comprises at least one of a wirelessbeacon and a wireless reader.

In addition to one or more of the features described above, or as analternative, further embodiments may include that the operatingenvironment comprises at least one building.

In addition to one or more of the features described above, or as analternative, further embodiments may include that the one or more accesscontrolled location comprises at least one room of the building.

In addition to one or more of the features described above, or as analternative, further embodiments may include that the one or more accesscontrolled location comprises at least one elevator car of the building.

In addition to one or more of the features described above, or as analternative, further embodiments may include that the one or more accesscontrolled location comprises a floor destination of the elevator car.

In addition to one or more of the features described above, or as analternative, further embodiments may include that the wireless signalgenerated by at least one of the plurality of wireless signal generatingdevices is a Bluetooth Low Energy (BLE) signal.

Also disclosed is a method of controlling access in an operatingenvironment. The method includes generating a wireless signal with aplurality of wireless signal generating devices located in the operatingenvironment having at least one access controlled location secured witha plurality of entry points. Also included is receiving the wirelesssignal with a mobile device when the mobile device is located within theoperating environment. Further included is connecting the mobile deviceto a network device upon detection of advertisement by the mobile deviceafter the mobile device receives an advertisement from the plurality ofwireless signal generating devices. Yet further included is determininga position of the mobile device. Also included is comparing the positionof the mobile device to the at least one entry point to provide asimplified access request option to a user of the mobile device. Furtherincluded is submitting an access request for the access controlledlocation. Yet further included is determining whether the access requestshould be granted or denied based on credentials stored on the mobiledevice.

In addition to one or more of the features described above, or as analternative, further embodiments may include determining a position ofthe mobile device based on a coordinate location of each of theplurality of wireless signal generating devices that is programmedwithin the network device as a knowledge based system (KBS).

In addition to one or more of the features described above, or as analternative, further embodiments may include determining which of theplurality of entry points is to be employed by a user of the mobiledevice based on the position of the mobile device that is known from theKBS and a received signal strength indication (RSSI) of the mobiledevice.

In addition to one or more of the features described above, or as analternative, further embodiments may include that the entry pointdetermined is an entry point that is closest in proximity to the user.

In addition to one or more of the features described above, or as analternative, further embodiments may include that a user of the mobiledevice initiates the access request by interacting with the mobiledevice.

In addition to one or more of the features described above, or as analternative, further embodiments may include that a user of the mobiledevice initiates the access request by inputting predetermined settingsinto the mobile device.

In addition to one or more of the features described above, or as analternative, further embodiments may include that the wireless signalgenerated by at least one of the plurality of wireless signal generatingdevices is a Bluetooth Low Energy (BLE) signal.

BRIEF DESCRIPTION OF THE DRAWINGS

The present disclosure is illustrated by way of example and not limitedin the accompanying figures in which like reference numerals indicatesimilar elements.

FIG. 1 illustrates an environment in an example embodiment.

DETAILED DESCRIPTION

FIG. 1 depicts an environment 10 in an example embodiment. In someembodiments, the environment 10 is a building, a part of a building, ora collection of buildings that are physically located near each other.The environment 10 includes one or more access controlled locations 12.The access controlled locations 12 may be rooms or otherwise enclosedspaces that are secured with at least one entry point 14, such as theillustrated turnstiles, however, any entry barrier such as doors may beemployed. The entry point(s) 14 are typically in a locked condition andaccess must be granted to a user in response to an access request. Eachaccess controlled location 12 may be accessible with one or more entrypoints. For example, one access controlled location may be accessiblevia a single entry point, while other access controlled locations may beaccessible via a plurality of entry points, as shown in FIG. 1.

In addition to the building environment described above, the embodimentsdescribed herein may be applicable to an outdoor setting with accesscontrolled areas or to a building with an elevator system. In the caseof the elevator system, certain elevator cars or floor destinations ofthe building may be access controlled, such that an access request mustbe granted by the access control system described herein.

An access control system 20 is illustrated. The access control system 20may include one or more network devices 22, such as a controller orserver, for example. The network device is configured to control accessoperations for the access controlled location(s) 12 of the accesscontrol system 20. It is understood that the access control system 20may utilize more than one network device 22, and that each networkdevice 22 may control a group of access controlled locations 12.

Also illustrated is a mobile device 24. The mobile device 24 may includea device that is carried by a person, such as a smart phone, PDA,tablet, etc. The mobile device 24 may include wearable items, such as asmart watch, eyewear, etc. The mobile device 24 may include a processor,memory and a communication module. The processor can be any type orcombination of computer processors, such as a microprocessor,microcontroller, digital signal processor, application specificintegrated circuit, programmable logic device, and/or field programmablegate array. The memory is an example of a non-transitory computerreadable storage medium tangibly embodied in the mobile device 24including executable instructions stored therein, for instance, asfirmware. The communication module may implement one or morecommunication protocols, but must support a Bluetooth low energy (BLE)role, as described in further detail herein.

The network device 22 may include a processor, memory and acommunication module. The processor can be any type or combination ofcomputer processors, such as a microprocessor, microcontroller, digitalsignal processor, application specific integrated circuit, programmablelogic device, and/or field programmable gate array. The memory is anexample of a non-transitory computer readable storage medium tangiblyembodied in the network device 22 including executable instructionsstored therein, for instance, as firmware. The communication module mayimplement one or more communication protocols, but must support BLEcommunication, as described in further detail herein.

In an embodiment, the mobile device 24 functions as a BLE central deviceand one or more devices of the access control system 20 functions as aBLE peripheral device, with the mobile device 24 initiatingcommunication and interaction with the access control system 20, as willbe appreciated from the disclosure herein. It is contemplated that theroles may be reversed, such that the mobile device is a BLE peripheraldevice and one or more devices of the access control system 20 functionsas a BLE central device. In the access control system 20 disclosedherein, connection and processing of information is made from as manymobile devices as possible, via the wireless communication Bluetooth lowenergy (BLE).

The access control system 20 includes at least one, but typicallymultiple wireless signal generating devices 26 disposed in theenvironment 10. The wireless signal generating devices 26 may be beaconsor the like, and capable of emitting a BLE signal 28 that BLE-enabledmobile devices can search for, such as the mobile device 24 describedherein, to trigger the mobile device 24 to enter a connection mode withthe access control system 20. Upon receipt of the BLE signal 28, themobile device 24 advertises its presence with an additional BLE signalthat is detectable by one or more access points 30 that are locatedproximate the environment 10. The access point(s) 30 are routers or asimilar wireless device configured to detect the signal from the mobiledevice 24 and that is in operative communication with the network device22. The access point(s) 30 indirectly place the mobile device 24 intoconnection with the network device 22. The network device 22 may belocated on-site (proximate environment 10) or remotely located.

The mobile device 24 can also advertise its presence upon a user openingan application on the mobile device 24, or with the application open theadvertising could be set to start only upon the user entering an accessrequest within the application on the mobile device 24. The mobiledevice 24 is connectable to the wireless signal generating devices 26and the network device 22 when located proximate the environment 10. Insome embodiments, the mobile device 24 is connectable to the componentswhen located within 100 feet, for example. It is to be appreciated thatthis distance/range is an illustrative range and some embodiments willpermit connection with larger or smaller ranges.

Upon connection with the network device 22, the mobile device 24advertises with a credential recognizable by the network device 22, withdata stored on the mobile device 24 that is access request context data.As described above, the access request may be initiated by userinteraction with the mobile device 24 or may be automatically initiatedbased on predetermined settings programmed into the mobile device 24 bythe user or another individual. Once the network device 22 and themobile device 24 are connected, the access control system 20 determinesa position of the mobile device 24. This is done based on the ability ofthe mobile device 24 to store the signal strength of each BLE device(e.g., wireless signal generating devices 26) and by using a positioningalgorithm that determines the coordinates of the mobile device 24. Thecoordinates are three dimensional (x-y-z) in some embodiments, similarto latitude, longitude and altitude. Based on a dictionary that definesrelative positioning that is defined by a knowledge based system (KBS)32 that is programmed in the network device 22 and on a received signalstrength indication (RSSI) of the mobile device 24 relative to one ormore devices of the access control system 20, such as the accesspoint(s) 30 and/or the network device 22. The KBS comprises programmedcoordinates of the system devices, such as the wireless signalgenerating devices 26 and the access point(s) 30, for example. Thisinformation, when combined with the relative position of the mobiledevice 24, is used to determine which entry point 14 is to be utilized.As described above, this may be based solely on the closest entry pointavailable or may consider other factors, such as the number of userscurrently entering various entry points.

The relative position of the mobile device 24 may also be achieved invarious alternative manners, as described below. The mobile device 24can receive and rebroadcast signal details, with the server thendetermining the position and entry point. The mobile device 24 canreceive the signal and trilaterate on the mobile device to sendpositioning, with the server sending to the entry point. The mobiledevice can receive, and trilaterate on the mobile device, then theposition is checked based on a dictionary stored on the mobile device ofall devices. The mobile device can receive and trilaterate on the mobiledevice, then the position is checked based on a dictionary that wasupdated based on last access or additional GPS information. In thissituation, the user doesn't have a full list of devices, only those theycan interact with.

The disclosed embodiments provide a user of the mobile device 24 with asimplified option for making an access request. For example, if a userdesires to enter a specific entry point 14 and is positioned proximatethe desired entry point, the access control system 20 recognizes theposition of the mobile device 24 and determines authorization for accessto that entry point 14. If authorization is permitted, the accesscontrol system 20 indicates on a mobile device 24 interface (e.g.,screen, audible prompt, etc.) only the entry point 14 that the user ispositioned proximate to. This alleviates the burden on the user torecognize which name on a list of entry points 14 or access controlledlocations 12 is desired. It is contemplated that a user has access tomultiple access controlled locations 12 or entry points 14, but theposition knowledge described above reduces the number of optionsprovided to the user. The user can then make the final access request ina more efficient and less burdensome manner. Once the network device 22receives the access request, the network device 22 grants or denies theaccess request. If granted, at least one of the entry points 14 isswitched to an unlocked condition, thereby allowing the user to enterone of the access controlled locations 12. The presentation of asimplified access request option is based on the determined position ofthe mobile device 24 and the access credentials of the mobile device 24.

In some embodiments, when user intent is identified, through gesture,button press, etc., the requesting device sends an authorization requestcommand to the access control system 20 (including access credential andaccess device ID). The access control system 20 validates the requestand sends access device adjustment, such as door opening, if valid.

In some embodiments, user intent is identified, through gesture, buttonpress, etc., the requesting device sends an authorization requestcommand to the access point 30 (including access credential). The accesspoint 30 sends a request to the authorization service (panel or accesscontrol system) which validates the request and sends access deviceadjustment, such as door opening, if valid.

In some embodiments, the mobile device stores the signal strength ofeach BLE device. When user intent is identified, through gesture, buttonpress, etc., the requesting device sends a command to the knowledge basesystem that determines relative position and determines the x-y-zposition of the device. Based on a dictionary that defines relativepositioning (KBS), the access points and devices, the closest reader 60is determined. The device ID is sent back to the mobile device 24. Themobile device 24 then connects and communicates the credential to theidentified access device.

In addition to simply granting access to the user, the access controlsystem 20 may direct the user to a specific entry point 14. This isparticularly beneficial for access controlled locations 12 havingmultiple entry points 14 (e.g., doors, elevator car options, etc.). Theentry point 14 selected may be based on positioning of the mobile device24 and/or a flow efficiency of many users entering the access controlledlocation 12.

In operation, the access control system 20 provides users in theoperating environment 10 with a seamless and interactive access requestexperience. Advantageously, the access control system 20 allows a userto step into the environment and receive the granting of access withoutinteracting with anything other than their mobile device 24 and eventhen only doing so in a minimalistic fashion.

Embodiments may be implemented using one or more technologies. In someembodiments, an apparatus or system may include one or more processors,and memory storing instructions that, when executed by the one or moreprocessors, cause the apparatus or system to perform one or moremethodological acts as described herein. Various mechanical componentsknown to those of skill in the art may be used in some embodiments.

Embodiments may be implemented as one or more apparatuses, systems,and/or methods. In some embodiments, instructions may be stored on oneor more computer program products or computer-readable media, such as atransitory and/or non-transitory computer-readable medium. Theinstructions, when executed, may cause an entity (e.g., a processor,apparatus or system) to perform one or more methodological acts asdescribed herein.

While the disclosure has been described in detail in connection withonly a limited number of embodiments, it should be readily understoodthat the disclosure is not limited to such disclosed embodiments.Rather, the disclosure can be modified to incorporate any number ofvariations, alterations, substitutions or equivalent arrangements notheretofore described, but which are commensurate with the scope of thedisclosure. Additionally, while various embodiments have been described,it is to be understood that aspects of the disclosure may include onlysome of the described embodiments. Accordingly, the disclosure is not tobe seen as limited by the foregoing description, but is only limited bythe scope of the appended claims.

What is claimed is:
 1. An environment access control system comprising:an operating environment including one or more access controlledlocations, each of the location(s) secured with at least one entrypoint; a plurality of wireless signal generating devices each emitting awireless signal to be received by a mobile device located within theoperating environment; and a network device determining a position ofthe mobile device and comparing the position of the mobile device to theat least one entry point to provide a simplified access request optionto a user of the mobile device, the network device determining access tothe one or more access controlled locations of the operatingenvironment; one or more access points in operative communication withthe network device, the access points connecting the mobile device tothe network device, wherein the network device is programmed with acoordinate location of the access points to form a knowledge basedsystem (KBS); wherein the access controlled locations are secured with aplurality of entry points, wherein the network device determines whichof the plurality of entry points is to be employed by a user of themobile device based on a location of the mobile device derived fromreceived signal strength indications (RSSI) at the mobile device basedon signals from the plurality of wireless signal generating devices. 2.The environment access control system of claim 1, wherein the entrypoint determined is an entry point that is closest in proximity to themobile device.
 3. The environment access control system of claim 1,wherein the plurality of wireless signal generating devices comprises atleast one of a wireless beacon and a wireless reader.
 4. The environmentaccess control system of claim 1, wherein the operating environmentcomprises at least one building.
 5. The environment access controlsystem of claim 4, wherein the one or more access controlled locationcomprises at least one room of the building.
 6. The environment accesscontrol system of claim 4, wherein the one or more access controlledlocation comprises at least one elevator car of the building.
 7. Theenvironment access control system of claim 6, wherein the one or moreaccess controlled location comprises a floor destination of the elevatorcar.
 8. The environment access control system of claim 1, wherein thewireless signal generated by at least one of the plurality of wirelesssignal generating devices is a Bluetooth Low Energy (BLE) signal.
 9. Amethod of controlling access in an operating environment comprising:generating a wireless signal with a plurality of wireless signalgenerating devices located in the operating environment having at leastone access controlled location secured with a plurality of entry points;receiving the wireless signal with a mobile device when the mobiledevice is located within the operating environment; connecting themobile device to a network device upon detection of advertisement by themobile device after the mobile device receives an advertisement from theplurality of wireless signal generating devices; determining which ofthe plurality of entry points is to be employed by a user of the mobiledevice based on the position of the mobile device that is derived fromreceived signal strength indications (RSSI) at the mobile device basedon signals from the plurality of wireless signal generating devices;providing a simplified access request option to a user of the mobiledevice; submitting an access request for the access controlled location;and determining whether the access request should be granted or deniedbased on credentials stored on the mobile device.
 10. The method ofclaim 9, wherein the entry point determined is an entry point that isclosest in proximity to the user.
 11. The method of claim 9, wherein auser of the mobile device initiates the access request by interactingwith the mobile device.
 12. The method of claim 9, wherein a user of themobile device initiates the access request by inputting predeterminedsettings into the mobile device.
 13. The method of claim 9, wherein thewireless signal generated by at least one of the plurality of wirelesssignal generating devices is a Bluetooth Low Energy (BLE) signal.